Professional Documents
Culture Documents
NFS Mounts
The soft option attempts to mount a file system once, then gives up with an erro
r message if it fails
The intr option allows applications to be interrupted while waiting for a remote
mount
The bg option tells mount to retry a failed mount attempt in the background, all
owing the foreground mount process to continue.
By default, NFS mounts are not performed in the background, so fg is the default
.
anon=-1
Unauthenticated users have no access to this file system
share -F nfs -o ro,rw=sales,root=admin /export/stuff
- The root user from the client admin is allowed superuser access to the shared
resource,
but this does not override the read-only share option.
autofs
/etc/auto_master: <mountPoint> <mapName> [mountOptions]
|-> /local auto_local -nobrowse (indirect map)
|-> /- -> this map is a direct map or that no particular mount point is spec
ified
/etc/auto_direct: <key> [<mountOptions>] <location>
/share senate:/export/local/share
The -nobrowse option prevents all of the unmounted mount points from being displ
ayed
RAID
RAID 1 performs better than RAID 5 for write-intensive applications
Parity slows down performance, whereas striping improves it
Which two are correct statements about the performance of a RAID 1 (mirror) in c
omparison with a RAID 5 volume?
- Hardware costs are highest with RAID 1 (You need at least twice as much disk s
pace as the amount of data to be mirrored)
- Best performance during failure (If one of the sub mirrors fails the other one
is still active. With RAID 5 any failure will result in no access to that data
while the data is rebuilt from the parity information)
By default, the Solaris Volume Manager Software is configured to support 128 log
ical volumes (upto 8192 logical volumes per disk set)
The system cannot reboot into multiuser mode unless a majority (half + 1) of the
total number of state database replicas is available
Which two are valid mirror read policies in Solaris Volume Manager (SVM)?
First is a valid mirror read policy in SVM
Geometric is a valid mirror read policy in SVM
Parallel is a mirror write policy in SVM
Solaris Volume Manager does not support five-way mirrors.
neMngmnt.html
VDCF resource Module:::Allows Execution of VDCF resource Modules:
VDCF hwmonitor Module:::Allows Execution of VDCF hwmonitor Modules:
mech@S0000 $ more /etc/security/exec_attr
All Actions:solaris:act:::*;*;*;*;*:
All:solaris:act:::*;*;*;*;*:
All:suser:cmd:::*:
Audit Control:solaris:act:::AuditClass;*;*;*;*:privs=all
Audit Control:solaris:act:::AuditControl;*;*;*;*:privs=all
Audit Control:solaris:act:::AuditEvent;*;*;*;*:privs=all
VDCF virtual Module:solaris:cmd:::/opt/jomasoft/vdcf/mods/virtual/vsrv_show:priv
s=all
VDCF virtual Module:solaris:cmd:::/opt/jomasoft/vdcf/mods/virtual/vsrv_uninstall
:privs=all
Web Console Management:solaris:cmd:::/usr/share/webconsole/private/bin/smcwebsta
rt:uid=noaccess;gid=noaccess;privs=proc_audit
ZFS File System Management:solaris:cmd:::/sbin/zfs:euid=0
Zone Management:solaris:cmd:::/usr/sbin/zoneadm:uid=0
Zone Management:solaris:cmd:::/usr/sbin/zonecfg:uid=0
VDCF hwmonitor Module:solaris:cmd:::/opt/jomasoft/vdcf/mods/hwmonitor/hwmon_show
_usage:privs=all
VDCF install Module:solaris:cmd:::/opt/jomasoft/vdcf/mods/install/cgi/keep_alive
.cgi:privs=all
VDCF install Module:solaris:cmd:::/opt/jomasoft/vdcf/mods/install/cgi/transfer_u
sage_info.cgi:privs=all
mech@S0000 $ more /etc/security/auth_attr
<<<<<<< auth_attr:::::
solaris.:::All Solaris Authorizations::help=AllSolAuthsHeader.html
solaris.admin.dcmgr.:::OS Server Manager::help=AuthDcmgrHeader.html
solaris.admin.dcmgr.admin:::Manage OS Services and Patches::help=AuthDcmgrAdmin.
html
solaris.admin.printer.delete:::Delete Printer Information::help=AuthPrinterDelet
e.html
solaris.admin.printer.modify:::Update Printer Information::help=AuthPrinterModif
y.html
solaris.admin.printer.read:::View Printer Information::help=AuthPrinterRead.html
solaris.admin.privilege.:::Privileges::help=AuthPrivilegeHeader.html
solaris.admin.privilege.write:::Manage Privileges::help=AuthPrivilegeWrite.html
solaris.snmp.write:::Set SNMP Information::help=AuthSnmpWrite.html
solaris.system.:::Machine Administration::help=SysHeader.html
solaris.system.date:::Set Date & Time::help=SysDate.html
solaris.system.shutdown:::Shutdown the System::help=SysShutdown.html
auth_attr. Authorization attributes database. Defines authorizations and their a
ttributes.
exec_attr. Execution attributes database. Identifies the commands with security
attributes that are
assigned to specific rights profiles.
prof_attr. Rights profile attributes database. Defines rights profiles and lists
the assigned authorizations
for the profi les.
user_attr. Extended user attributes database. Associates users with roles and ro
les with authorizations
and rights, typically through profiles. These four databases also contain the
relationships between rights,
rights profi les, roles, and users.
lpr
The line printer spooling system, such as the lpr and lpc commands.
news Files reserved for the USENET network news system.
uucp (obsolete) The UNIX-to-UNIX copy (UUCP) system does not use the syslog fu
nction.
cron The cron and at facilities, including crontab, at, and cron.
local0-7 Eight user-defined codes.
the level selector specifies the severity or importance of the message.
Each level includes all the levels above (of a higher severity).
To remember the sequence for the certification exam you can use an appropriately
constructed phase like "Every alerted cardriver escapes warning notice"
emerg 0 Panic conditions that are normally broadcast to all users
alert 1 Conditions that should be corrected immediately, such as a corrupted s
ystem database. Only sysadmin of a particular server needs to be informed by mai
l or paged.
crit
2 Warnings about critical conditions, such as hard device errors.
err
3 Errors other than hard device errors
warning 4 Warning messages, that generally does not interfere with normal operat
ion.
notice 5 Non-error conditions that might require special handling
info
6 Purely informational messages (usually does not require any handling)
debug 7 Messages that are normally used only when debugging a program
none
8 Messages are not sent from the indicated facility to the selected file
Verify /etc/syslog.conf
/usr/ccs/bin/m4 -D LOGHOST /etc/syslog.conf
name service must be hierarchical and required to be Internet wide
-NIS+ will provide a hierarchical solution but is not Internet wide.
-LDAP will provide a hierarchical solution but is not yet Internet wide.
+DNS will provide a hierarchical solution and is Internet wide.
characteristics of the NIS Naming Service
- Does not use a domain hierarchy
- Information is stored in Maps
characteristics of the NIS+ Naming Service
- Root and non-root Master Servers
characteristics of the LDAP Naming Service
- Uses a Directory Information Tree
- Relative Distinguised Names
three are steps required when configuring a NIS slave server
- It is necessary to configure the NIS domain name on all hosts in the NIS domai
n
- A NIS slave is configured as a NIS client first to enable it to bind to the ma
ster server.
It is then reconfigured as a NIS slave
- It is necessary to start the NIS server processes with the svcadm command
files created when you configure an LDAP client
- /var/ldap/ldap_client_cred
- /var/ldap/ldap_client_file
Solaris10 install DNS Setup
- You can specify up to six search domains
Which daemon is responsible for maintaining and updating the client profile info
rmation in an LDAP configuration?
- ldap_cachemgr
Which two are daemons which are running on this NIS master server
The rpc.yppasswdd daemon runs on a Solaris 10 NIS master server.
The ypbind daemon runs on a Solaris 10 NIS master server.
The /var/yp/securenets file defines the networks or hosts which are allowed acce
ss to information provided by the Network Information Service
NIS maps need to be updated
You must be in the /var/yp directory when the /usr/ccs/bin/make command is run.
This is the location of the timestamp files that are referenced by the /usr/ccs/
bin/make program
The ypwhich -m command displays the master server for each NIS map
you wish to ensure that the root user's password account information is not inco
rporated in the NIS passwd maps
Copying these files to the location specified by the the PWDIR value (/var/yp/Ma
kefile) allows the NIS master to source user account information from somewhere
other than the /etc directory. The entries that are not required in the NIS map
can be deleted from the files in this location.
Zones
The zoneadmd daemon is primarily responsible for managing the zone's virtual pla
tform
Every zone has an associated kernel process called zsched. The zsched process ke
eps track of per-zone kernel threads
zoneadm -z apache-zone ready -> ask for:
You will be asked to provide the Timezone value.
Name service information will be requested.
You will be asked to provide the root password.
zonecfg -z webzone delete -> failed
-> The zone must be uninstalled before being deleted.
Jumpstart
Which three are sources from which JumpStart clients can obtain identification i
nformation?
The JumpStart client can obtain its IP address from the /etc/inet/hosts file on
the boot server.
The /export/config/sysidcfg file contains configuration information for the clie
nt.
A name service can supply identification information required by a JumpStart cli
ent.
The first entry found for any value in the sysidcfg file is used by the client.
services which are found in a Jumpstart configuration
- Configuration
- Identification
- Boot
- Installation
Which two are functions of the check script?
- It looks for errors in client profile files.
default
core
default
disabled
enabled
disabled
disabled
disabled